On 27/07/2024 21:26, Meinhard Schneider via dovecot wrote:
Hello,
I have now adjusted the values accordingly:
root@lnxmail01:~# doveconf | grep -A 13 ^plugin plugin { sieve = file:~/sieve;active=~/.dovecot.sieve sieve_execute_exec_timeout = 60s sieve_extensions = +vnd.dovecot.filter +spamtest +spamtestplus sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter sieve_filter_exec_timeout = 60s sieve_filter_socket_dir = sieve-filter sieve_global = /usr/lib/dovecot/sieve-global sieve_pipe_exec_timeout = 60s sieve_plugins = sieve_extprograms sieve_spamtest_max_value = 5 sieve_spamtest_status_header = X-Spam-Level sieve_spamtest_status_type = strlen }
I will observe whether the problems continue to occur.
I guess that the possibility of problems happening is still there since whatever timeout you put, it could be exceeded. It doesn't seem like a robust way of filtering.
Nevertheless, I would like to know if there is a way to prevent the e-mails from being completely discarded if an error occurs.
I would expect Dovecot and Pigeonhole not to discard emails in the case of errors. My expectation would be that if the script returns an error code then the email will be kept by default. Do you have any evidence of discarding email in the case of errors, where the scripts is returning an error to dovecot but it is ignored?
As for discarding emails when the script times out, I believe you are right about that. On the face of it it seems the wrong thing to do but I guess there may be an explanation that I don't know as to why it works that way.
The program /usr/lib/dovecot/sieve-filter/spamc-filter.sh is executed because there is an include in the file .dovecot.sieve: include :global “spamc”; This is sufficient to start the filter “spamc-filter.sh” (I got this from a guide on the Internet, but I can't find the link to it now).
My understanding is that this will include another sieve script called "spamc", not directly call an external comamnd.
The problem is that only spamc is started in the script and STDIN and STDOUT are connected to dovecot-lda. It would be easy to abort the call of spamc after X seconds (man 'timeout(1)'). But then the input provided by dovecot-lda and piped into spamc would be lost. You would therefore have to cache all input in the script that comes via STDIN in a file. If spamc is aborted, the script would have to recognize this and output the contents of this file again via STDOUT. spamc must be called using 'timeout' and the timeout used must be less than what was set for sieve_filter_exec_timeout. This would then save the mail from /dev/null.
Unfortunately, I currently see no other way to solve this problem.
Or does anyone have another idea how to tackle this issue?
Maybe you could work out how to return an error code from the script after a timeout (before the dovecot timeout kicks in and kills it). I'm not convinced you'd need to worry about STDIN and STDOUT. You could check this easily by having a test script which returns a non zero value (e.g. exit 1).
John